This patch enables the "mcast_flood_reports" and "mcast_flood" (on provnet
ports only) options in the Logical Switch Ports in the OVN driver. Without
these options, the ovn-controller will consume the IGMP queries and won't
send them to the LSP ports, meaning that external IGMP queries will never
arrive at the VMs.
In talks to the core OVN team, it was suggested [0] to enable the
"mcast_flood_reports" option by default in the OVN driver (at least until
fixed in core OVN) as a workaround to this problem. And, to avoid having
to update all ports (which can be many) based on the igmp_snooping_enable
configuration option, we are always setting "mcast_flood_reports" to
"true" in the LSPs. This won't cause any harm (also confirmed by core
OVN developers [0]) since it will be ignored if multicast snoop is
disabled.
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1933990#c3
Closes-Bug: #1918108
Change-Id: I99a60b9af94b8208b5818b035e189822981bb269
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
(cherry picked from commit b04d64b90f)
When a subnet is updated or created, the metadata port is updated too,
to add the fixed IP address of the new subnet. In this case, the port
should update only the IP address of this specific subnet.
Change-Id: I05394e49077a72199bbc80c8cb622ec2b17f2fa7
Closes-Bug: #1890432
(cherry picked from commit 93225e016b)
Do not report ovs agent state when ovs is dead,
and let neutron-server mark service as down. So
cluster admin could determine there is a problem
of the given ovs agent
Change-Id: Ib4b06c7877a7343f4204d4f4f5863931717ff507
Closes-Bug: #1910946
(cherry picked from commit 5d8f3fd614)
Setting the ovsdb_probe_interval after Connection.start() is
called means that the probe interval is not changed from
python-ovs's default of 5s until after the initial copy of the
database is retrieved. On busy systems, this can time out and
cause infinite reconnects.
This patch passes the probe_interval argument to the ovs.db.Idl
class so that it can be set as part of creating the jsonrpc
Session.
Some unit tests were removed and replaced with a functional test
which ensures not just that set_probe_interval is called, but that
the value is actually set before the connection is established.
Conflicts:
neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_impl_idl_ovn.py
Closes-bug: #1905611
Change-Id: I8c940ac8f7632c69607dea7220146ef59d55ed56
(cherry picked from commit 5783e95288)
When a port is removed, the linuxbridge agent cleans up the chains
neutronARP-* and neutronMAC-*, but in some cases these chains still
contain rules and ebtables fails with `CHAIN_USER_DEL failed (Device or
resource busy)`. Flushing the chains before deleting them fixes that
issue.
Change-Id: Icfcf8c5406cfdc47fabf012e82ed56c345a73af8
Closes-Bug: #1887281
(cherry picked from commit 2207b88544)
The smartnic port's MTU should be set according to the network's MTU
which the port belongs to.
Closes-Bug: #1899864
Change-Id: Ibcc29c998065da521b35e5845727794a68782db0
Signed-off-by: Xiaoyu Min <jackmin@nvidia.com>
(cherry picked from commit fc1fe016aa)
Removal of non-gateway port on DVR router deletes all the DVR to
SRC mac flows for the instances of same subnet on that compute node.
The instances are not reachable from any other network.
This patch checks if the DVR router port is gateway for the subnet
or not. And deletes the DVR-SRC mac flows only if it is gateway port.
The DVR-SRC mac flows are deleted if the gateway is not set for the subnet.
Change-Id: Iadc1671c862f8c01e5761e92b82a04849d4bb411
Closes-Bug: #1892405
(cherry picked from commit 329ea19f8b)
Prior to this patch the IGMP configuration for ML2/OVN was inconsistent
with the configuration option description and also the ML2/OVS driver
because it was flooding traffic to unregistered VMs [0].
The "igmp_snooping_enable" configuration option says:
"Setting this option to True will also enable Open vSwitch
mcast-snooping-disable-flood-unregistered flag. This option will disable
flooding of unregistered multicast packets to all ports."
But, in ML2/OVN that behavior was inconsistent prior to this patch
because it allowed traffic to flood to unregistered VMs. This patch
fixes it.
Conflicts:
neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
[0] https://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/ovs_conf.py#L36-L47
Change-Id: I5cbe09e26120905b29351d61bbadb30b5dd14938
Closes-Bug: #1904399
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
(cherry picked from commit 9dc8bca740)
When there is no openflow firewall, aka the ovs agent security group
is disabled or Noop/HybridIptable, this patch will introduce a different
ingress pipeline for bridge ports which will avoid ingress flood:
(1) table=0, in_port=patch_bridge,dl_vlan=physical_vlan action=mod_vlan:local_vlan,goto:60 (original)
(2) table=60, in_port=patch_bridge action=goto:61 (new)
(3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan, action=strip_vlan,output:<ofport> (changes)
And changes the local ports pipeline:
(1) table=0, in_port=local_ofport action=goto:25 (original)
(2) table=25, in_port=local_ofport,dl_src=local_port_mac action=goto:60 (original)
(3) table=60, in_port=local_ofport,dl_src=local_port_mac action=local_vlan->reg6,goto:61 (changes)
(4) table=61, dl_dst=local_port_mac,reg6=local_vlan, action=output:<ofport> (changes)
Closes-Bug: #1884708
Closes-Bug: #1881070
Related-Bug: #1732067
Related-Bug: #1866445
Related-Bug: #1883321
Change-Id: Iecf9cffaf02616342f1727ad7db85545d8adbec2
(cherry picked from commit 959d8b6d73)
Since [1], RowEventHandler._watched_events does not use name mangling.
OvnDbNotifyHandler, inheriting from RowEventHandler, can access
this variable.
[1] https://review.opendev.org/#/c/752797/
Change-Id: I545c31977799c4ea51e037b631a49306da9c4a3b
Partial-Bug: #1897928
While fixing https://bugs.launchpad.net/neutron/+bug/1876148 we've made
the add_router_interface method idempotent and it no longer raised a
Conflict if the same interface was added twice, this broke the
test_add_interface_in_use from neutron-tempest-plugin.
Change-Id: I76d46a4c3c8af166e022894a5693d5c78555ea50
Closes-Bug: #1895671
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Trivial-ish patch that sets if_exists=True to the pg_del() command when
deleting the port group.
Change-Id: I7c10c8fc2c11329c58fc43b9d611b0aeea2b2ed5
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
After https://review.opendev.org/#/c/745746/ there are new calls to
'with self.lock' which fail in unit tests that only use a Mock object
for the Connection that is passed to an API impl object. Switching to
MagicMock fixes it.
Closes-Bug: #1893965
Change-Id: Icbcb5e004dfa777877d1865a5018262344c7e415
This change removes the "_check_ofport" function and its use from
the ovs_lib.py file.
By skipping ports without a unique ofport in the "get_vifs_by_ids"
and "get_vifs_by_id" functions, the OVS agent incorrectly treated
newly added ports with an ofport of -1 as removed ports in the
"treat_devices_added_or_updated" function.
Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I79158baafbb99bee99a1d687039313eb454d3a9b
Partial-Bug: #1734320
Partial-Bug: #1815989
The core OVN team has introduced a new table called Chassis_Private to
avoid nb_cfg flooding when checking for the Chassis' status. The OVN
driver does rely on that mechanism for the agent liveness mechanism.
This patch makes use of this new table but it's also backward
compatible.
For more information, check the core OVN changes at:
https://patchwork.ozlabs.org/patch/1254394.
Closes-Bug: #1892477
Change-Id: Iea4263b852d1e3f81eb2557918ea3cbb7adb8016
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
There is no real reason we should be using some of the
terms we do, they're outdated, and we're behind other
open-source projects in this respect. Let's switch to
using more inclusive terms in all possible places.
Change-Id: I99913107e803384b34cbd5ca588451b1cf64d594
This is a subset of the changes for implementing the floating IP
port forwarding feature in neutron, using OVN as the backend.
This changeset updates ovn_db_sync utility and its tests to
ensure that floating ip port forwarding can be repaired.
Depends-On: https://review.opendev.org/#/c/741303/
Change-Id: I7a158173252e73e081914f242133634c41de7999
Partially-implements: ovn/port_forwarding
Partial-Bug: #1877447
OVN firewall driver can't silently normalize CIDRs given in
the security group rule's "remote_ip_prefix".
Because of that, if a user created a rule with a non-normalized CIDR, it
wasn't applied by the OVN driver.
Now the OVN driver will normalize such rules before applying them.
The OVN driver will now also check if SG rules with same normalized
and same direction, port range, protocol and ethertype already exist in
the SG. If so, it will not add or remove the rule in OVN.
The rule will be added or removed only if there are no other same rules in
the SG.
Change-Id: I0d9295545384844e81b0ffe3aa7483324f9a9ae5
Related-Bug: #1869129
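The behaviour described in the commit message above, sketched as an added example (not the Neutron code): a rule whose "remote_ip_prefix" has host bits set is normalized, and the backend ACL is touched only when no other rule in the security group is equivalent after normalization. The helper names, the rule dictionaries and the use of the standard-library ipaddress module are assumptions made for this illustration.

```python
import ipaddress


def normalize_cidr(prefix):
    """Return the canonical network form: host bits cleared, length kept."""
    return str(ipaddress.ip_network(prefix, strict=False))


def is_normalized(prefix):
    """True when the address part of the prefix has no host bits set."""
    network = ipaddress.ip_network(prefix, strict=False)
    return ipaddress.ip_interface(prefix).ip == network.network_address


def rule_key(rule):
    """Fields that make two SG rules equivalent once the CIDR is normalized."""
    prefix = rule.get("remote_ip_prefix")
    return (
        rule["direction"],
        rule["ethertype"],
        rule.get("protocol"),
        rule.get("port_range_min"),
        rule.get("port_range_max"),
        normalize_cidr(prefix) if prefix else None,
    )


def backend_change_needed(rule, sg_rules):
    """True if adding or removing `rule` must change the backend ACLs.

    When another rule in the same security group is equivalent after
    normalization, the ACL is shared and must be left alone.
    """
    key = rule_key(rule)
    return not any(
        other["id"] != rule["id"] and rule_key(other) == key
        for other in sg_rules
    )


def _rule(rule_id, direction, port, prefix):
    # Constructed sample data, not taken from a real deployment.
    return {
        "id": rule_id, "direction": direction, "ethertype": "IPv4",
        "protocol": "tcp", "port_range_min": port, "port_range_max": port,
        "remote_ip_prefix": prefix,
    }


SG_RULES = [
    _rule("r1", "ingress", 22, "10.0.0.5/24"),   # host bits set
    _rule("r2", "ingress", 22, "10.0.0.0/24"),   # same rule, normalized
    _rule("r3", "ingress", 443, "192.0.2.0/24"),
    _rule("r4", "egress", 22, "10.0.0.0/24"),    # other direction
]

if __name__ == "__main__":
    for r in SG_RULES:
        print(r["id"], r["remote_ip_prefix"], "->",
              normalize_cidr(r["remote_ip_prefix"]),
              "backend change:", backend_change_needed(r, SG_RULES))
```

Running an audit like `is_normalized()` over existing rules shows which ones an older driver would have accepted through the API without enforcing.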
This is a subset of the changes for implementing the floating IP
port forwarding feature in neutron, using OVN as the backend.
This changeset covers the additions to northbound api needed for
handling load balancer entries created on behalf of port forwarding.
Depends-On: https://review.opendev.org/#/c/729354/
Change-Id: I7d0aa51468dbd2c298395c3dccd8f222e87032d8
Partially-implements: ovn/port_forwarding
Partial-Bug: #1877447
By raising an exception when an option is invalid we broke the Ironic +
OVN + Neutron DHCP agent combination that enabled deploying baremetal
machines.
This patch is changing the approach to just log the invalid options
instead of failing the request so that the OVN driver can still be used
with Ironic.
Change-Id: I5e98297acefb62f9a9c1200ccfaac0672eeeed2c
Closes-Bug: #1888649
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The general usage of verify() is if you are doing something like:
    ports = row.ports
    ports.append('newport')
    row.ports = ports
where you read a value from the db, modify it, then overwrite it.
The setkey/addvalue/delvalue mutate functions make it largely
unnecessary to use verify(), so this patch removes those.
Change-Id: Idd42491dcaa10ec36c963b477438eaa2336ef3a0
OVN creates localport [1] for each network that has metadata
and allocates an IP address from a subnet within this network that has
DHCP enabled. The traffic from this port will never go outside
the chassis.
While using multiple segments with subnet linked to each segment
OVN needs to create an allocation of IP address for each of those
subnets [2] in order to generate data for OVN NBDB IPv4 DHCP Options.
The change [3] started to validate that condition, while multiple
IP addresses from different segments are tried to be allocated on
one port. We can skip this for OVN Metadata port, because there
is no reason to prevent those kind of allocation for OVN.
[1] http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.html
[2] 5f42488a9a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py (L2279)
[3] https://review.opendev.org/#/c/709444/
Change-Id: Ib51cde89ed873f48db4daebc27a0980da9cc0f19
Closes-Bug: 1871608
While a port has a QoS policy configured, the policy wasn't deleted
because of a logic issue.
Change-Id: I3d7e70a4a110c68a89d6c575abf121cd9b97e439
Closes-Bug: #1886962
When creating the OVS manager, define the command timeout
(CONF.OVS.ovsdb_timeout) and inactivity probe time
(CONF.OVS.of_inactivity_probe)
NOTE: CONF.OVS.of_inactivity_probe is defined in seconds but the
parameter should be passed to ovs-vsctl in milliseconds [1].
[1] http://www.openvswitch.org/support/dist-docs/ovs-vswitchd.conf.db.5.txt
Depends-On: https://review.opendev.org/#/c/720785
Change-Id: I8ed1fc85c2f78710bf6589ba3deca518471339b8
Closes-Bug: #1868686
Commit 90212b12 changed the OVS agent so adding vital drop flows on
br-int (table 0 priority 2) for packets from physical bridges was
deferred until DVR initialization later on. But if br-int has no flows
from a previous run (eg after host reboot), then these packets will hit
the NORMAL flow in table 60. And if there is more than one physical
bridge, then the physical interfaces from the different bridges are now
essentially connected at layer 2 and a network loop is possible in the
time before the flows are added by DVR. Also the DVR code won't add them
until after RPC calls to the server, so a loop is more likely if the
server is not available.
This patch restores adding these flows to when the physical bridges are
first configured. Also updated a comment that was no longer correct and
updated the unit test.
Change-Id: I42c33fefaae6a7bee134779c840f35632823472e
Closes-Bug: #1887148
Related-Bug: #1869808
OVN distributed services like Metadata and DHCP now use the
DEVICE_OWNER_DHCP device_owner, which isn't distributed by its nature.
To fully use the benefits of OVN Distributed ports (localports) [1]
and to not overlap with Neutron logic created for non-distributed
ports, we should use a new device_owner.
In this change we need also to bump minimum required
neutron-lib to 2.4.0.
[1] https://www.ovn.org/support/dist-docs/ovn-nb.5.txt
Change-Id: I0a69f1bddaa7030c7287216e62ec1ac6dd381475
Subnet delete triggers dhcp port deletion but asynchronously,
therefore in the condition described in the bug report we may
get a conflict when deleting the segment too fast after the subnet.
Here we follow the example of how we auto-delete ports in net delete.
Please also find a fullstack test in Related-Change below.
Change-Id: Iba02f5a2211b18c2deb9097daad6be5e7d21faf8
Closes-Bug: #1878632
Related-Change: https://review.opendev.org/728904
Now that we use setproctitle for neutron-server workers (and
neutron-keepalived-state-change), this has the side effect of changing
the process name for agents, impacting some monitoring systems. More
details in launchpad bug.
This patch fixes it by setting the name with setproctitle to:
agent name (original process name).
Also use the newly introduced name constants to replace existing
hardcoded uses.
Change-Id: I74c3a4d3e9f833752571a75f196560cd45529385
Closes-Bug: #1881297
OVN's API called get_port_groups is poorly named and has misleading docstring.
It returns only the OVN port groups that map to the security group in Neutron.
Therefore, it should be called get_sg_port_groups.
Closes-Bug: #1883716
Related-Bug: #1881316
Change-Id: Iae3f413dd1c4b0813b05d9bfd593c9e709540370
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
This patch is adding support for the router_availability_zone extension
for Neutron.
The OVN driver will now read from the router's availability_zone_hints
field and schedule the router ports onto OVN chassis belonging to those
AZs.
Since the OVN driver does not rely on the L3 agent, this patch does not
re-use the configuration option for the agent to configure the
availability zone that a Chassis belongs to (even because there's no
configuration file in nodes such as networker nodes). Instead, this
patch reuses the "ovn-cms-options" field from the local OVSDB to
configure the Chassis. The following syntax has been used:
    $ ovs-vsctl set Open_VSwitch . external-ids:ovn-cms-options="enable-chassis-as-gw,availability-zones=az0:az1"
In the example above, the Chassis has been configured to belong to two
AZs: "az0" and "az1".
This patch also implements listing the availability zones:
    $ openstack availability zone list
As well as validating the router's availability zone hints:
    $ openstack router create --availability-zone-hint az0 --availability-zone-hint az1 test_router
The above command would fail if there's no "az0" and "az1" configured in
any OVN chassis.
Documentation for this feature is being written and will be submitted
in a separate patch.
Partial-Bug: #1881095
Change-Id: I4567f3d541d382b6432c1ab3d35276d81ce71d82
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
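The "ovn-cms-options" syntax and the hint validation described in the commit message above, as an added example (not the driver's code): it parses the comma-separated option string, collects the availability zones per chassis and reports hints that no chassis provides. The function names and the chassis inventory are constructed for this illustration, and limiting candidates to chassis that carry "enable-chassis-as-gw" is an assumption.

```python
def parse_cms_options(value):
    """Parse 'flag,key=value,...' into a dict; bare flags map to True."""
    options = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        key, sep, val = item.partition("=")
        options[key] = val if sep else True
    return options


def chassis_azs(external_ids):
    """Availability zones configured on one chassis (colon-separated)."""
    options = parse_cms_options(external_ids.get("ovn-cms-options", ""))
    zones = options.get("availability-zones")
    if not isinstance(zones, str):
        return set()
    return {zone for zone in zones.split(":") if zone}


def known_azs(chassis):
    """Union of the AZs of every chassis in the inventory."""
    zones = set()
    for external_ids in chassis.values():
        zones |= chassis_azs(external_ids)
    return zones


def unknown_hints(hints, chassis):
    """Hints that no chassis provides; a non-empty result fails the request."""
    return sorted(set(hints) - known_azs(chassis))


def candidate_gateways(hints, chassis):
    """Gateway-enabled chassis that belong to at least one hinted AZ."""
    wanted = set(hints)
    names = []
    for name, external_ids in chassis.items():
        options = parse_cms_options(external_ids.get("ovn-cms-options", ""))
        if options.get("enable-chassis-as-gw") and chassis_azs(external_ids) & wanted:
            names.append(name)
    return sorted(names)


# Constructed inventory: chassis name -> external_ids of its Open_vSwitch row.
CHASSIS = {
    "gw-1": {"ovn-cms-options":
             "enable-chassis-as-gw,availability-zones=az0:az1"},
    "gw-2": {"ovn-cms-options": "enable-chassis-as-gw,availability-zones=az2"},
    "compute-1": {"ovn-cms-options": "availability-zones=az0"},
    "compute-2": {},
}

if __name__ == "__main__":
    print("known AZs:", sorted(known_azs(CHASSIS)))
    print("unknown hints:", unknown_hints(["az0", "az9"], CHASSIS))
    print("candidates for az0:", candidate_gateways(["az0"], CHASSIS))
```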
As stated in the bug description, there are many writes of the
agent liveness external_ids into the Chassis table. There was a
protection to avoid bumping nb_cfg too frequently.
The same protection is reused to avoid writing into the Chassis
external_ids.
This patch reduces the number of transactions to the SB database
and, therefore, the recomputations that it causes to ovn-controller
in all nodes.
Change-Id: I5db90fde8e7394772ec23c6384c711096c246621
Closes-Bug: #1883554
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Prior to this patch, if the [ovn]/enable_distributed_floating_ip
configuration option changed in an existing environment the OVN
driver wouldn't adapt to it requiring administrators to clear up the
"external_mac" column from the NAT table manually for the existing
floating ips.
With this patch, OVN will automatically correct existing NAT entries for
floating ips whenever this option changes.
To make the code simpler when handling the port up/down event this patch
always sets the logical_port and the neutron:fip_external_mac key in the
external_ids column of the NAT entry when creating the floating ip.
Note that we are not using the maintenance task for this either, we are
re-using the event that set/unset the "external_mac" column for this
because, whenever the service is restarted (after the configuration is
changed, we need to restart for it to take effect) the IDL will re-trigger
those events.
Closes-Bug: #1883559
Change-Id: I6a85fdde2558d781bf2853c5d11c5c964bbab81f
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This patch removes unused UpdateACLsCommand which was previously used by the
code using Address Sets but that has been already removed. OpenStack API
doesn't implement update operation for security group rules so this
command is not needed anymore.
Change-Id: Iea4a82a21d32a064ff5dd530e104a2de2efb46b5
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Port_Groups table has been introduced in OVN 2.10 and we've moved in
master to newer version since. This patch removes all references to code
branching between port_groups and address_sets, and also removes
unneeded Address_Set commands and references.
Change-Id: I592d31db9be76d9be202d79d942e15b1668e3c0e
If new segment is created/old deleted we should update its
localnet port in related Logical_Switch.
Added also missing code to sync tool in order to delete provnet
ports in case of leftovers.
Change-Id: I6b864ba1c168643640a64bd7c25e1d0fc0ea348a
Related-Bug: 1865889
Currently the code only supports associating tunnel networks and VLAN networks
with a DVR router. This patch adds code that lets a flat network be associated
with a DVR router and makes it work fine.
The patch also removes two unused constant entries: 'FLAT_VLAN_ID' and
'LOCAL_VLAN_ID'.
Change-Id: I7d792ce288d96548298f169748565266a130bd86
Closes-Bug: #1876092
When a port is created the dns-assignment (dns-domain part)
was always taken from Neutron config dns_domain which is not
always true, since it could be Neutron network dns_domain or
the dns_domain sent when creating the port
Change-Id: I7f4366ff5a26f73013433bfbfb299fd06294f359
Closes-Bug: 1873091
Recent changes in some versions of iproute2 CLI output (v4.18),
have invalidated the regular expression used to parse the
"ip link" output.
To solve this problem and avoid future ones, pyroute2 is used to
retrieve the virtual functions information and set the VF attributes
(spoofcheck, min_tx_rate, max_tx_rate and link_state).
pyroute2 extended the "ip link" support to retrieve this information,
adding "ext_mask=1" in the get command. If no virtual functions are
present in this particular network interface, the added method,
"get_link_vfs", will return an empty list.
The set commands can return an "InterfaceOperationNotSupported" in
case the operation is not supported. For min_tx_rate, if the driver
does not support to set a minimum bandwidth, an "InvalidArgument"
(from a pyroute2.NetlinkError(22)) exception will be raised.
Change-Id: I680da4f64bd114f1caecaaeedbf8a4b1915a0849
Closes-Bug: #1878042
In case when physical bridge is removed and created again it
is initialized by neutron-ovs-agent.
But if the agent has distributed routing enabled, DVR-related
flows weren't configured again and that led to connectivity issues
in case of DVR routers.
This patch fixes it by adding configuration of dvr related flows
if distributed routing is enabled in agent's configuration.
It also adds reset list of phys_brs in dvr_agent. Without that there
were different objects used in ovs agent and dvr_agent classes thus
e.g. 2 various cookie ids were set on flows in physical bridge.
This was also the same issue in case when openvswitch was restarted and
all bridges were reconfigured.
Now in such case there is correctly new cookie_id configured for all
flows.
Change-Id: I710f00f0f542bcf7fa2fc60800797b90f9f77e14
Closes-Bug: #1864822
Prior to this patch OVN did not validate any extra DHCP option passed
to the port leading to confusion because the user of the API could just
input any value and OVN would accept it (returning 200) but ignoring the
option internally.
This patch now adds such validations on port creation and update.
This patch also syncs with the latest supported DHCP options from OVN and
creates a map between the different names and option codes to their OVN
counterpart.
Closes-bug: #1874282
Change-Id: I99799e54e941cdd8da2614feecad1ef6299703fc
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The periodic job running ovsdbapp master started failing after the
ovsdbapp custom indexing patch merged. There were just some things
that needed to be mocked out.
Closes-Bug: #1879717
Change-Id: I37d4c655662dd9d55b6096f2dc4fc861894706d2
Back in Newton, patch [1] added to the agents possibility to report in
the heartbeat messages if hybrid plug of the ports is required or not.
Usage of "firewall_driver" option by mechanism drivers (so on the
server's side) was kept just for backward compatibility.
But as we are now about 4 years from the [1] I think it should be safe
to do small cleaning, remove usage of this option in the neutron server
and not confuse users where this config option has to be set and why.
[1] https://review.opendev.org/#/c/311814/
Change-Id: I2ccc4c8784c64858acaa3c3431cf9a3d13e5e154
OVNL3RouterPlugin inherits from L3_NAT_dbonly_mixin, which inherits
from neutron.extensions.l3.RouterPluginBase
As maintenance task expects OVNL3RouterPlugin to behave as
RouterPluginBase, the add_router_interface should have the signature:
add_router_interface(self, context, router_id, interface_info)
Note: With this change, the default behavior of OVNL3RouterPlugin's
_add_neutron_router_interface becomes idempotent: multiple calls to add
the same interface will not fail. Because of that, the unit test
test_router_add_interface_dup_port no longer makes sense and is being
removed.
Closes-Bug: #1876148
Change-Id: I8010113b4d8c66ecbccf3126f322a8836d92e7ba
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
The patch adds a short living connection in pre-fork routine that
creates neutron_pg_drop Port Group. Later after workers are spawned,
each worker also creates a short living connection and waits for an
event that the Port Group was created.
The short living IDLs limit its tables only for relevant tables so it
doesn't fetch the whole OVS DB to the local copy.
Closes-bug: #1866068
Change-Id: I1f5af36b8c3d5650f890edfed3c33dc206869824
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
The delete_port() method from OVNClient has a potential problem of
leaving stale ports when RowNotFound is raised from the process to
delete the port from the OVN database. Since the exception is not
granular enough, the RowNotFound could be raised from other objects that
are part of the same transaction (such as ACLs, DNS entries, etc...)
resulting in the revision for the port being deleted even though the port
is still in the database.
Instead of giving a pass on the RowNotFound exception, this patch is
logging the error and re-raising it without deleting the revision.
Change-Id: I25b93b7c080403fc38365b638e4e03298b447d0f
Partial-Bug: #1874733
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>